<?php
/*
+--------------------------------------------------------------------------
|   phpBIZbiz v3.0 full version
|   ========================================
|   by taft@wjl.cn
|   http://www.phpbiz.cn
|   all rights reserved
+---------------------------------------------------------------------------
|
|   > 
|   > 最后修改日期：2005-9-9
|   > 
|
+--------------------------------------------------------------------------
*/
// Direct-access guard: stop unless do_login() is already defined, i.e. the
// file is being included by code that has loaded the login routine
// (presumably the admin entry script; it is not visible from this file).
if( ! function_exists('do_login') )
{
	exit('Forbidden');
}

// The page is driven entirely by instantiating the class declared below.
$pwd = new password;
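/**
 * Admin "change password" page.
 *
 * Creating an instance runs the page: the PHP 4-style constructor password()
 * either renders the form or processes a submitted form and exits.
 *
 * NOTE(review): PHP 8 no longer treats a method named after its class as a
 * constructor, so `new password` only dispatches on older runtimes.
 *
 * NOTE(security): passwords are stored and compared as unsalted MD5 hex
 * digests. That is kept here because the login check lives outside this file
 * and presumably compares the same digest; moving to password_hash() /
 * password_verify() has to be done in both places together.
 */
class password
{
	var $base_url;

	/**
	 * PHP 4-style constructor: adds the navigation entry and dispatches.
	 *
	 * A request whose "change" field is exactly the string "yes" (the hidden
	 * field emitted by do_password()) is handled as a submission: the result
	 * message is shown and the script exits. Anything else renders the form.
	 *
	 * @access public
	 */
	function password()
	{
		global $ADMIN,$INCOME;

		$ADMIN -> nav[] = array( "act=pwd","修改密码" );  // navigation bar entry

		// Strict comparison so that only the literal form value counts as a submission.
		if( isset($INCOME['change']) && $INCOME['change'] === 'yes' )
		{
			$str = $this -> do_change_password();
			$this -> error("$str");
			exit();
		}

		$this -> do_password();
	}

	/**
	 * Render the change-password form: a hidden "change=yes" marker plus three
	 * password inputs (old_pwd, new_pwd, new_pwd2), then output the page.
	 *
	 * Asking for the current password makes the change a re-authenticated action.
	 */
	function do_password()
	{
		global $ADMIN,$SKIN;

		$ADMIN -> title = "管理员修改密码";
		$SKIN -> td_header[] =array("","30%");
		$SKIN -> td_header[] =array("","");

		$ADMIN -> html = $SKIN -> table_head();

		$ADMIN -> html .= $SKIN -> form_head();
		$ADMIN -> html .= $SKIN -> form_element( array( "hidden" => array("change","yes")));

		// Field name => row label, in display order.
		$rows = array(
			"old_pwd"  => "请输入旧密码：",
			"new_pwd"  => "请输入新密码：",
			"new_pwd2" => "请再次输入新密码：",
		);

		foreach( $rows as $field => $label )
		{
			$ele = $SKIN -> form_element( array("password"=>array($field,"" )), array("style" =>"width: 100%;") );
			$ADMIN -> html .= $SKIN -> table_row( array($label,"$ele") );
		}

		$ADMIN -> html .= $SKIN -> form_end("修改");
		$ADMIN -> html .= $SKIN -> table_end();
		$ADMIN -> output();
	}

	/**
	 * Validate a submitted password change and apply it for the session user.
	 *
	 * Checks, in order: the two new-password fields are identical, the new
	 * password is not empty, a session user id is present, and the old
	 * password's MD5 matches the stored one for that user. Only then is the
	 * stored digest replaced.
	 *
	 * @return string  message to show to the administrator
	 */
	function do_change_password()
	{
		global $DB;

		$old_pwd  = $this -> _posted_string('old_pwd');
		$new_pwd  = $this -> _posted_string('new_pwd');
		$new_pwd2 = $this -> _posted_string('new_pwd2');

		// Strict comparison: with != numeric-looking strings such as "1e3" and
		// "1000" compare equal, which would defeat the confirmation field.
		if( $new_pwd !== $new_pwd2 ) return "两次新密码不一致";

		// Never store the digest of an empty password (missing or non-scalar
		// fields also arrive here as the empty string).
		if( $new_pwd === '' ) return "新密码不能为空";

		// Fail closed when the session carries no usable user id.
		$user_id = ( isset($_SESSION['user_id']) && is_scalar($_SESSION['user_id']) ) ? (string)$_SESSION['user_id'] : '';
		if( $user_id === '' ) return "旧密码不正确";

		// The two password values reach SQL only as md5() output (hex), so they
		// cannot break out of the quoted literal.
		// NOTE(review): $user_id is interpolated unescaped. It is only safe as
		// long as the login code fills $_SESSION['user_id'] from the database
		// and never from request data; the $DB wrapper exposes no escaping or
		// parameter binding in this file, so confirm against the login code.
		$pwd_md5 = md5($old_pwd);

		$sql = "select * from `biz_admin_user` where `user_password` = '$pwd_md5' and `user_id` = '$user_id'";

		$DB -> db_query($sql);

		if( ! $DB -> db_fetch_row() ) return "旧密码不正确";

		$new_md5 = md5($new_pwd);
		$sql = "UPDATE `biz_admin_user` SET `user_password` = '$new_md5' WHERE `user_id` = '$user_id' LIMIT 1";

		// NOTE(review): the result of the UPDATE is not checked because
		// db_query()'s return contract is not visible here; success is reported
		// once the statement has been issued.
		$DB -> db_query($sql);

		return  "修改密码成功！";
	}

	/**
	 * Read one submitted field from $INCOME as a string.
	 *
	 * Missing and non-scalar values (e.g. a field posted as an array) yield the
	 * empty string, so callers never hash or compare anything but a string.
	 *
	 * @param  string $key  field name
	 * @return string
	 */
	function _posted_string($key)
	{
		global $INCOME;

		if( isset($INCOME[$key]) && is_scalar($INCOME[$key]) )
		{
			return (string)$INCOME[$key];
		}

		return '';
	}

	/**
	 * Show a message in red on the admin page and output the page.
	 *
	 * $msg is placed into the HTML as-is. Every caller in this class passes a
	 * fixed literal; text derived from a request must be escaped before it is
	 * handed to this method.
	 *
	 * @param string $msg  message text (trusted HTML)
	 */
	function error($msg)
	{
		global $ADMIN;

		$ADMIN -> page_instruction="<br><br><span style='color:red;font-weight:bold'>$msg</span>";
		$ADMIN -> output();

	}

}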

?>